@danidiaz
Last active August 29, 2015 14:02
Configuring a Digital Ocean VPS (1gb memory, 64 bit CentOS 6.5 image) with the latest GHC for Haskell development. Work in progress.
#! /bin/bash
# http://linuxcommand.org/wss0150.php
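# Print an error message on stderr and abort the script.
# Arguments: $1 - message to print
# Outputs:   the message, followed by a newline, on stderr
# Returns:   never returns; exits the shell with status 1
function error_exit
{
  # printf rather than echo: a message such as "-n" or "-e" would be taken by
  # echo as an option and silently printed as nothing.
  printf '%s\n' "$1" 1>&2
  exit 1
}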
# http://unix.stackexchange.com/questions/70859/why-doesnt-sudo-su-in-a-shell-script-run-the-rest-of-the-script-as-root
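# Two-phase provisioning. Run as root, the script hardens SSH, sets up the
# firewall and fail2ban, builds the tool chain, creates the unprivileged
# "haskdev" user and then re-runs itself as that user. Run as haskdev, it only
# configures the user's editor, tmux and cabal environment.
if [ "$(whoami)" = root ]; then
  # Resolve the script path before any cd, so the later copy into
  # /home/haskdev still works when the script was started with a relative path.
  script_path=$(readlink -f -- "$0") || error_exit "ERROR: cannot resolve script path"

  # Password logins are disabled below and the same key file is copied to
  # haskdev later. Without an installed key that combination locks the admin
  # out, so stop before touching sshd.
  [ -s /root/.ssh/authorized_keys ] || error_exit "ERROR: /root/.ssh/authorized_keys is missing or empty"

  # Map the hostname to the first IPv4 address of eth0. Only the first address
  # is used; with several addresses on eth0 the extra ones would otherwise end
  # up in the hostname/alias column of the same /etc/hosts line.
  host_ip=$(ip addr show eth0 | awk '$1 == "inet" { split($2, a, "/"); print a[1]; exit }')
  if [ -n "$host_ip" ]; then
    echo "$host_ip $(hostname)" >> /etc/hosts
  fi

  # Disable password authentication
  # NOTE: this sed only rewrites an existing, uncommented
  # "PasswordAuthentication yes" line; the effective value is checked below.
  sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
  # Necessary to allow X11 forwarding in Docker containers
  # NOTE(security): with "X11UseLocalhost no" the forwarding listener binds to
  # the wildcard address instead of loopback, so it relies on the firewall
  # rules below to stay unreachable from outside.
  echo 'X11UseLocalhost no' >> /etc/ssh/sshd_config
  # Validate the edited file, then reload: sshd keeps running with the old
  # settings until it re-reads its configuration.
  /usr/sbin/sshd -t || error_exit "ERROR: sshd_config"
  if ! /usr/sbin/sshd -T 2>/dev/null | grep -qi '^passwordauthentication no'; then
    echo "WARNING: password authentication is still enabled in the effective sshd configuration" 1>&2
  fi
  /sbin/service sshd reload

  # Block tcp ports other than 22
  # http://serverfault.com/questions/157375/reject-vs-drop-when-using-iptables
  # If developing web apps, use port forwarding as an alternative.
  # NOTE(review): -A appends, so these rules only apply to packets that no
  # earlier INPUT rule has already accepted or rejected; inspect the result
  # with "iptables -L INPUT -n --line-numbers". Only new TCP connections on
  # eth0 are dropped; UDP and other interfaces are not touched here.
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  iptables -A INPUT -i eth0 -p tcp -m state --state NEW -j DROP
  /sbin/service iptables save
  # http://serverfault.com/questions/355086/managing-parallel-rules-for-ipv4-and-ipv6-iptables
  # Better not allow any ipv6 tcp; I'm not going to use it.
  # ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
  ip6tables -A INPUT -i eth0 -p tcp -m state --state NEW -j DROP
  /sbin/service ip6tables save
  ## Disable ipv6
  ## http://wiki.centos.org/FAQ/CentOS6#head-d47139912868bcb9d754441ecb6a8a10d41781df
  #echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
  #echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
  ## http://ubuntuforums.org/showthread.php?t=1649657
  #echo 'AddressFamily inet' >> /etc/ssh/sshd_config
  ## http://crashmag.net/disable-ipv6-lookups-with-bind-on-rhel-or-centos

  # For installing GHC
  yum -y install perl gmp gmp-devel zlib zlib-devel gcc
  # For installing tmux from source
  yum -y install ncurses-devel
  # For installing vim
  yum -y install gcc make ncurses-devel python-devel
  # For installing vim plugins
  yum -y install git
  # X
  yum -y install xorg-x11-xauth xeyes
  # Other stuff
  yum -y install man wget w3m irssi nc socat
  # allowing EPEL
  # NOTE(security): the repository definition package is fetched over plain
  # HTTP; check its signature (rpm -K) against a key obtained over a trusted
  # channel, since every later EPEL install trusts what this package sets up.
  rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm || error_exit "ERROR: EPEL"

  # fail2ban
  # https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-6
  # https://scottlinux.com/2013/12/09/ipv6-linux-security/
  yum -y install fail2ban
  cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  # Match any spacing around "=" and the whole number: the single "." of the
  # earlier pattern replaced only the first digit, leaving e.g. 10 unchanged.
  # NOTE: maxretry = 1 bans after one failed attempt, including the admin's
  # own mistakes.
  sed -i 's/maxretry[[:space:]]*=[[:space:]]*[0-9][0-9]*/maxretry = 1/g' /etc/fail2ban/jail.local
  # ~ 7 days ban default
  sed -i 's/bantime[[:space:]]*=[[:space:]]*600[[:space:]]*$/bantime = 600000/' /etc/fail2ban/jail.local
  service fail2ban restart

  # Docker
  # https://docs.docker.com/installation/centos/
  yum -y install docker-io
  service docker start
  chkconfig docker on
  # NOTE: ":latest" is a moving tag; pin a digest for reproducible images.
  docker pull centos:latest

  # NOTE(security): every tarball below is downloaded without an integrity
  # check (several over plain HTTP or FTP) and is then configured, built and
  # installed as root. Verify each one against a checksum or signature obtained
  # out of band before unpacking, for example:
  #   echo "<EXPECTED_SHA256>  <tarball>" | sha256sum -c - || error_exit "ERROR: checksum"

  # Build in $HOME so the cleanup at the end of this branch finds the trees.
  cd "$HOME" || error_exit "ERROR: cannot cd to $HOME"

  # Installing vim from source
  # Maybe not needed? CentOS has a previous version in its repos
  # See http://d.stavrovski.net/blog/post/how-to-build-and-install-vim-74-from-source-on-centos6rhel6
  # http://stackoverflow.com/questions/3373914/compiling-vim-with-python-support
  curl -f -O ftp://ftp.vim.org/pub/vim/unix/vim-7.4.tar.bz2 || error_exit "ERROR: Vim download"
  tar jxvf vim-*.tar.bz2 || error_exit "ERROR: Vim unpack"
  # The trailing slash restricts the glob to directories, so the tarball next
  # to the unpacked tree can never be picked as the cd target.
  cd vim*/ || error_exit "ERROR: Vim source directory"
  ./configure --disable-selinux \
    --enable-multibyte \
    --with-features=huge \
    --enable-pythoninterp \
    --with-python-config-dir=/usr/lib64/python2.6/config
  make
  make install || error_exit "ERROR: Vim"
  hash -r
  cd "$HOME" || error_exit "ERROR: cannot cd to $HOME"

  # See http://superuser.com/questions/738829/attempting-to-install-tmux-on-centos-6-4-or-centos-6-5-fails-with-error-evbuff
  curl -f -L -O https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz || error_exit "ERROR: libevent download"
  tar -zxvf libevent-2.0.21-stable.tar.gz || error_exit "ERROR: libevent unpack"
  cd libevent-2.0.21-stable || error_exit "ERROR: libevent source directory"
  ./configure
  make
  make install || error_exit "ERROR: libevent"
  cd .. || error_exit "ERROR: cannot leave libevent directory"
  curl -f -L -O http://downloads.sourceforge.net/tmux/tmux-1.9a.tar.gz || error_exit "ERROR: Tmux download"
  tar -xvzf tmux-1.9a.tar.gz || error_exit "ERROR: Tmux unpack"
  cd tmux-1.9a || error_exit "ERROR: Tmux source directory"
  ./configure
  make
  make install || error_exit "ERROR: Tmux"
  cd "$HOME" || error_exit "ERROR: cannot cd to $HOME"

  # Installing GHC from source
  curl -f -O http://www.haskell.org/ghc/dist/7.8.2/ghc-7.8.2-x86_64-unknown-linux-centos65.tar.bz2 || error_exit "ERROR: GHC download"
  tar -jxvf ghc-7.8.2-x86_64-unknown-linux-centos65.tar.bz2 || error_exit "ERROR: GHC unpack"
  cd ghc-7.8.2 || error_exit "ERROR: GHC source directory"
  ./configure
  make install || error_exit "ERROR: GHC"
  cd "$HOME" || error_exit "ERROR: cannot cd to $HOME"

  # Creating and configuring haskdev user
  useradd -m haskdev
  # https://docs.docker.com/installation/binaries/#giving-non-root-access
  # http://www.ludeke.net/2013/12/run-docker-commands-without-sudo.html
  # https://docs.docker.com/articles/security/#dockersecurity-daemon
  # NOTE(security): membership of the docker group lets the user drive the
  # Docker daemon, which runs as root; treat haskdev as root-equivalent. The
  # narrow sudoers entry further down does not limit that.
  gpasswd -a haskdev docker
  # Hand the whole .ssh directory to the user with private permissions, rather
  # than leaving the directory root-owned with whatever mode the umask gave it.
  mkdir -p /home/haskdev/.ssh
  cp /root/.ssh/authorized_keys /home/haskdev/.ssh/authorized_keys
  chown -R haskdev:haskdev /home/haskdev/.ssh
  chmod 700 /home/haskdev/.ssh
  chmod 600 /home/haskdev/.ssh/authorized_keys

  # Second phase: run this same script as haskdev, then remove the copy.
  cp -- "$script_path" /home/haskdev/haskdev.sh
  chown haskdev:haskdev /home/haskdev/haskdev.sh
  chmod u+x /home/haskdev/haskdev.sh
  su - -c /home/haskdev/haskdev.sh haskdev
  user_phase_status=$?
  rm -f -- /home/haskdev/haskdev.sh
  [ "$user_phase_status" -eq 0 ] || error_exit "ERROR: haskdev phase"

  # Haskdev can shut the machine down
  # http://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
  # Append to a scratch copy and let visudo check it first: a syntax error
  # written straight into /etc/sudoers would disable sudo for everyone.
  sudoers_tmp=$(mktemp) || error_exit "ERROR: mktemp"
  cat /etc/sudoers > "$sudoers_tmp"
  echo "haskdev ALL= NOPASSWD: /sbin/shutdown -h now, /usr/bin/lastb" >> "$sudoers_tmp"
  if visudo -cf "$sudoers_tmp" > /dev/null; then
    # Overwrite the contents in place so owner and mode of /etc/sudoers stay.
    cat "$sudoers_tmp" > /etc/sudoers
    rm -f -- "$sudoers_tmp"
  else
    rm -f -- "$sudoers_tmp"
    error_exit "ERROR: sudoers"
  fi

  # Remove the build trees; refuse to run the globs anywhere but $HOME.
  cd "$HOME" || error_exit "ERROR: cannot cd to $HOME"
  rm -rf -- ghc*
  rm -rf -- libevent*
  rm -rf -- tmux*
  rm -rf -- vim*
elif [ "$(whoami)" = haskdev ]; then
  cd "$HOME" || error_exit "ERROR: cannot cd to $HOME"
  # Configuring vim
  # NOTE: dotfiles and plugins below come from the current tip of each
  # upstream branch; pin a commit if the setup must be reproducible.
  curl -L -O https://raw.githubusercontent.com/danidiaz/miscellany/master/linux/.vimrc
  mkdir -p ~/.vim/autoload ~/.vim/bundle && \
    curl -LSso ~/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim
  cd ~/.vim/bundle || error_exit "ERROR: cannot cd to ~/.vim/bundle"
  git clone https://github.com/Shougo/unite.vim.git
  git clone https://github.com/tpope/vim-surround.git
  git clone https://github.com/tpope/vim-repeat
  git clone https://github.com/sirver/ultisnips
  git clone https://github.com/dag/vim2hs
  cd "$HOME" || error_exit "ERROR: cannot cd to $HOME"
  mkdir -p .vim/colors
  cd .vim/colors || error_exit "ERROR: cannot cd to ~/.vim/colors"
  curl -L -O https://raw.githubusercontent.com/fugalh/desert.vim/master/desert.vim
  cd "$HOME" || error_exit "ERROR: cannot cd to $HOME"
  # Configuring tmux
  # Note that prefix is set to C-j
  curl -L -O https://raw.githubusercontent.com/danidiaz/miscellany/master/linux/.tmux.conf
  # Necessary for tmux to work
  echo export LD_LIBRARY_PATH=/usr/local/lib >> "$HOME/.bash_profile"
  # Installing Cabal
  # NOTE(security): plain-HTTP download whose bootstrap script is executed
  # right after unpacking; verify the tarball first, e.g.
  #   echo "<EXPECTED_SHA256>  cabal-install-1.20.0.2.tar.gz" | sha256sum -c -
  curl -f -O http://www.haskell.org/cabal/release/cabal-install-1.20.0.2/cabal-install-1.20.0.2.tar.gz || error_exit "ERROR: Cabal download"
  tar -zxvf cabal-install-1.20.0.2.tar.gz || error_exit "ERROR: Cabal unpack"
  cd cabal-install-1.20.0.2 || error_exit "ERROR: Cabal source directory"
  ./bootstrap.sh
  cd "$HOME" || error_exit "ERROR: cannot cd to $HOME"
  echo "PATH=\$PATH:\$HOME/.cabal/bin" >> .bash_profile
  echo "export PATH" >> .bash_profile
  PATH=$PATH:$HOME/.cabal/bin
  cabal update
  cd "$HOME" || error_exit "ERROR: cannot cd to $HOME"
  rm -rf -- cabal-install*
  echo "set -o vi" >> .bashrc
  # Writes an alias whose body is expanded only when the alias is used.
  # NOTE(security): the alias mounts all of $HOME read-only into the container
  # (including ~/.ssh and ~/.Xauthority) and hands over the X display, so any
  # image run through it can read those files and talk to the X session.
  echo ''alias dockerX11run=\''docker run -v $HOME:/hosthome:ro -e XAUTHORITY=/hosthome/.Xauthority -e DISPLAY=$(echo $DISPLAY | sed "s/^.*:/$(hostname -i):/")'''\' >> .bashrc
else
  # Neither root nor haskdev: report on stderr and exit non-zero.
  error_exit "Should not be here!!!"
fi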